reddit hackernews mail facebook facebook linkedin


Living Off The Land Binaries, Scripts and Libraries.

The goal of the LOLBAS project is to document every binary, script, and library that can be used for Living Off The Land techniques.

A LOLBin/Lib/Script must:

* Be a Microsoft-signed file, either native to the OS or downloaded from Microsoft.
* Have extra "unexpected" functionality. It is not interesting to document intended use cases.
* Have functionality that would be useful to an APT or red team

Interesting functionality can include:

* Executing code
* Compiling code
* File operations
* Persistence
* UAC bypass
* Credential theft
* Dumping process memory
* Surveillance (e.g. keylogger, network trace)
* Log evasion/modification
* DLL side-loading/hijacking without being relocated elsewhere in the filesystem.